Because, wp_kses_no_null() is used inside of safecss_filter_attr(). If the latter function has any usage outside of the usual wp_kses_attr() calls, then someone could be depending on the removal of hex codes for security.

A secondary concern would be that the kses filter incorrectly removes multiple chars from the middle of user input. This could be exploited to form other unwanted strings, including \0 itself by simply re-encoding as \\00.

Yeah - you found the alternatives. I like attachment:miqro-28699.5.patch​​ - when reading a call to the function, it's clear what the parameter does. Any of the following would pass the "no boolean trap" test.

Either of the last two seem fine to me. Stylistically, I may have a slight preference for attachment:miqro-28699.5.patch​, since it allows for the current "keep", "remove", and a possible future "urlencode", etc. (We'll never need/want such an option; I'm just talking about style habits, not the code.)